Nmap Development mailing list archives
tcpwrapper hassle
From: Edin Dizdarevic <edind () gmx de>
Date: Mon, 30 Nov 2009 08:00:56 +0100
Hello list,what I experienced recently was a huge flat ground /16 network with many nodes using tcpwrapper. Some of them were simply showing almost all ports open which just took a lot, I mean _really_ lots of time to scan.
First of all I did not expect so many nodes the customer neither - and then (before writing down the scan(!)) nmap crashed a few times consuming 2GB ram.
Is there any other, smarter approach than it was mine - I assume there is - to cope with such stuff?
The facts/prerequisites for the job were: * Sensitive environment, no aggressive scans allowed but T4 was fine * /16 Network, unknown number of nodes (it came out 1500) * Full TCP and UDP scan with service and OS recognition required * Many systems showing almost all TCP ports open (tcpwrapped)The hints I found in the nmap book about speeding up TCP and UDP scans were extremely helpful but in this case it did not help me that much at the end of the day. (But nice book... ;-))
Regards, Edin _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- tcpwrapper hassle Edin Dizdarevic (Nov 30)
- Re: tcpwrapper hassle Richard Sammet (Nov 30)
- <Possible follow-ups>
- Re: Fwd: Re: tcpwrapper hassle securityfocus () truesec de (Nov 30)